GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Wordpress users beware! [Vulnerability] (https://gfy.com/showthread.php?t=853494)

Ecchi22 09-07-2008 11:14 PM
Wordpress users beware! [Vulnerability]
 
There's new Wordpress exploit out there that can be dangerous..

Affected version is the newest one (2.6.1) and it works only if you have enabled user registration option.. It is disabled by default, so if you don't know what it is, relax.. But if you have it turned on, I'd recommend you to disable it for now, until someone post solution to this.

Attacker can change the Administrator password (but the real admin will receive the new password on his e-mail, so you'll notice it for sure)

Source: http://www.milw0rm.com/exploits/6397

:upsidedow

Ecchi22 09-07-2008 11:15 PM
If you wanna check if your blog have registration enabled just go to yourblog.com/wp-login.php?action=register

Aussie Rebel 09-07-2008 11:22 PM
thanks and bump

klaze 09-07-2008 11:48 PM
my enemie's site: "User registration is currently not allowed." darn.

Angry Jew Cat - Banned for Life 09-07-2008 11:59 PM
wordpress has got more holes than your local country club

mynameisjim 09-08-2008 12:04 AM
Quote:
Originally Posted by Angry Jew Cat (Post 14722332)
wordpress has got more holes than your local country club
No kidding. I wish they would just focus on making it secure instead of adding new features which are pretty useless. It should be a bare bones, secure foundation to which you can add plugins.

beta-tester 09-08-2008 02:18 AM
Thanks for heads up man!

AlienQ - BANNED FOR LIFE 09-08-2008 02:23 AM
Man I can not imagine the numbers of retards that spends weeks on weeks and in some cases months on months to find some silly nuance to take advantage of a software script online.

Thats life that needs a life. Fucking sad pathetic useless people.
But ya goto love it makes the software more secure in the long run.

All my blogs got that shit turned off though:)
THanks for the heads

MoreMagic 09-08-2008 03:26 AM
Hee stop playing security agent, still waiting on our themes :thumbsup

Quote:
Originally Posted by Ecchi22 (Post 14722237)
There's new Wordpress exploit out there that can be dangerous..

Affected version is the newest one (2.6.1) and it works only if you have enabled user registration option.. It is disabled by default, so if you don't know what it is, relax.. But if you have it turned on, I'd recommend you to disable it for now, until someone post solution to this.

Attacker can change the Administrator password (but the real admin will receive the new password on his e-mail, so you'll notice it for sure)

Source: http://www.milw0rm.com/exploits/6397

:upsidedow

kmanrox 09-08-2008 03:32 AM
ive notified the wp devs just in case they didnt know

The Duck 09-08-2008 03:33 AM
thank you dude

seeandsee 09-08-2008 03:52 AM
thanks, to the top

Ecchi22 09-08-2008 04:25 AM
Quote:
Originally Posted by MoreMagic (Post 14722653)
Hee stop playing security agent, still waiting on our themes :thumbsup
I'm really sorry for the huge delay! We'll talk on ICQ, my friend's PC crashed and he lost his HDD but somehow he managed to backup the files, hope I can finish them soon enough. :(

u-Bob 09-08-2008 12:11 PM
no surprise there... wp is one of the crappiest pieces of code out there...

V_RocKs 09-08-2008 02:45 PM
Sends the new password to the real admins email.. not your own...


All times are GMT -7. The time now is 01:38 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123